Overview
Explore how cybercriminals who operate Command-and-Control (C2) servers for infostealers can become victims of their own malware, in this 22-minute conference talk from NorthSec 2025. Learn about the underground market for stealer logs, the bundles of credentials and system information that infostealers exfiltrate from infected machines, and how threat intelligence researchers can turn the tables on cybercriminals by analyzing those logs to expose operator identities and infrastructure.

The talk contrasts two profiles within the infostealer ecosystem: "NoObSec" amateur operators whose poor security practices lead them to expose themselves through their own logs, and "Skip Tracers' Nightmares", sophisticated actors who maintain strict operational security by working from dedicated virtual machines. It walks through real-world case studies, including a malware distributor who used cracked software as the infection vector and threat actors who run several malware families at once, producing complex cybercriminal ecosystems. The overall point is that stealer logs are a powerful investigative tool for mapping cybercrime infrastructure and techniques, and that infostealer operators span a wide spectrum of expertise, from those who accidentally reveal their identities to those who carefully conceal their operations.
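As an added illustration of the investigative technique the talk describes (this is example code written for this page, not material from the talk or from NorthSec), the script below scans a handful of constructed stealer-log credential exports and flags the ones that contain a login to a known C2 panel, which is the simplest signature of an operator who infected their own machine. The "URL/USER/PASS" record layout, the log IDs, the hostnames and the set of known C2 hosts are all assumptions made up for the example, not artefacts from any real stealer family or case.

```python
"""Spot C2 operators who infected themselves, from their own stealer logs.

Example code for this page; the log format and all data are constructed.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: three "Passwords.txt"-style credential exports, one per
# infected host. Real stealer families use many layouts; this one is assumed.
SAMPLE_LOGS = {
    "log-001": """URL: https://mail.example.test/login
USER: alice
PASS: hunter2

URL: http://panel.stealer-c2.invalid/login
USER: admin
PASS: Sup3rS3cret!
""",
    "log-002": """URL: https://shop.example.test/account
USER: bob
PASS: password123
""",
    "log-003": """URL: http://panel.stealer-c2.invalid/login
USER: admin
PASS: Sup3rS3cret!

URL: https://vps-provider.example.test/clients
USER: operator42
PASS: rent-a-server
""",
}

# C2 panel hostnames assumed to be known from earlier infrastructure analysis.
KNOWN_C2_HOSTS = {"panel.stealer-c2.invalid"}

RECORD_RE = re.compile(
    r"URL:\s*(?P<url>\S+)\s+USER:\s*(?P<user>[^\n]*)\s+PASS:\s*(?P<pw>[^\n]*)"
)


def parse_log(text):
    """Return (host, username, password) triples from one credential export."""
    creds = []
    for m in RECORD_RE.finditer(text):
        host = (urlsplit(m.group("url")).hostname or "").lower()
        creds.append((host, m.group("user").strip(), m.group("pw").strip()))
    return creds


def find_self_infections(logs, c2_hosts):
    """Map log ID -> saved credentials for a known C2 panel.

    A victim machine that holds a login for the C2 panel is, in all
    likelihood, the operator's own workstation: the "NoObSec" case.
    """
    hits = {}
    for log_id, text in logs.items():
        matches = [c for c in parse_log(text) if c[0] in c2_hosts]
        if matches:
            hits[log_id] = matches
    return hits


def link_operators(logs, c2_hosts):
    """Group self-infected logs that share the same panel credential.

    Several logs with one (host, user, password) for the panel point at one
    operator or crew using multiple machines, a pivot for mapping the rest
    of their infrastructure.
    """
    groups = defaultdict(set)
    for log_id, matches in find_self_infections(logs, c2_hosts).items():
        for cred in matches:
            groups[cred].add(log_id)
    return {cred: sorted(ids) for cred, ids in groups.items()}


def pivot_hosts(logs, c2_hosts):
    """For each self-infected log, the non-C2 hosts the operator has accounts
    on (hosting providers, mail, marketplaces): leads for identity and
    infrastructure attribution."""
    leads = {}
    for log_id in find_self_infections(logs, c2_hosts):
        hosts = {h for h, _, _ in parse_log(logs[log_id]) if h not in c2_hosts}
        leads[log_id] = sorted(hosts)
    return leads


if __name__ == "__main__":
    for log_id, creds in find_self_infections(SAMPLE_LOGS, KNOWN_C2_HOSTS).items():
        print(f"{log_id}: operator self-infection, panel creds {creds}")
    print("shared panel creds:", link_operators(SAMPLE_LOGS, KNOWN_C2_HOSTS))
    print("pivot hosts:", pivot_hosts(SAMPLE_LOGS, KNOWN_C2_HOSTS))
```

On the constructed data, log-001 and log-003 both hold the same admin login for the assumed C2 panel, so the script links them to one operator and lists the VPS provider account from log-003 as an attribution lead. The same pattern generalizes to other pivots the talk alludes to, such as matching the system information in a log (hostname, public IP) against infrastructure already tied to a C2; an operator practising the "Skip Tracers' Nightmare" discipline of working only from a dedicated VM would leave none of these traces.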
Syllabus
NorthSec 2025 - Estelle Ruellan - UNO Reverse Card: Exposing C2 Operators Through Their Own Logs
Taught by
NorthSec